This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Parameter Delimiter"
| Line 2: | Line 2: | ||
==Description== | ==Description== | ||
| + | This attack is based on manipulation of parameters delimiter used by web application input vectors, in order to cause unexpected behaviors like access control and authorization bypass, information disclosure, among others. | ||
| − | + | ==Severity== | |
| + | High | ||
| + | ==Likelihood of exploitation== | ||
| + | Medium | ||
==Examples == | ==Examples == | ||
| − | |||
In order to illustrate this vulnerability, it’ll be used a vulnerability found on Poster V2, a posting system based on PHP programming language. | In order to illustrate this vulnerability, it’ll be used a vulnerability found on Poster V2, a posting system based on PHP programming language. | ||
| Line 32: | Line 35: | ||
Although this vulnerability doesn’t allow manipulation of others user profiles, it allows privilege escalation for application users. | Although this vulnerability doesn’t allow manipulation of others user profiles, it allows privilege escalation for application users. | ||
| − | |||
==External References== | ==External References== | ||
| − | |||
*http://cwe.mitre.org/data/definitions/141.html | *http://cwe.mitre.org/data/definitions/141.html | ||
| − | |||
*http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307 | *http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307 | ||
| − | |||
==Related Threats== | ==Related Threats== | ||
| − | |||
[[:Category: Authorization]] | [[:Category: Authorization]] | ||
| − | |||
[[:Category: Command Execution]] | [[:Category: Command Execution]] | ||
| − | |||
==Related Attacks== | ==Related Attacks== | ||
| − | |||
[[:Category:Injection Attack]] | [[:Category:Injection Attack]] | ||
| − | |||
==Related Vulnerabilities== | ==Related Vulnerabilities== | ||
| − | |||
[[:Category: Input Validation Vulnerability]] | [[:Category: Input Validation Vulnerability]] | ||
| − | |||
==Related Countermeasures== | ==Related Countermeasures== | ||
| − | |||
[[:Category: Input Validation Vulnerability]] | [[:Category: Input Validation Vulnerability]] | ||
| − | + | [[Category:Injection]] | |
| − | + | [[Category:Attack]] | |
| − | |||
| − | [[ | ||
Revision as of 17:20, 5 November 2007
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
This attack is based on manipulation of parameters delimiter used by web application input vectors, in order to cause unexpected behaviors like access control and authorization bypass, information disclosure, among others.
Severity
High
Likelihood of exploitation
Medium
Examples
In order to illustrate this vulnerability, it’ll be used a vulnerability found on Poster V2, a posting system based on PHP programming language.
This application has a dangerous vulnerability that allows inserting data into user fields (username, password, email address and privileges) in “mem.php” file, which is responsible for managing application user.
An example of the file “mem.php”, where user Jose has admin privileges and Alice user access:
<? Jose|12345678|[email protected]|admin| Alice|87654321|[email protected]|normal| ?>
When a user wants to edit his profile, he must use edit account” option in the “index.php” page and enter his login information. However, using “|” as a parameter delimiter on email field followed by “admin”, the user could elevate his privileges to administrator. Example:
Username: Alice Password: 87654321 Email: [email protected] |admin|
This information will be recorded in “mem.php” file like this:
Alice|87654321|[email protected]|admin|normal|
In this case, the last parameter delimiter considered is “|admin|” and the user could elevate his privileges by assigning administrator profile.
Although this vulnerability doesn’t allow manipulation of others user profiles, it allows privilege escalation for application users.
External References
- http://cwe.mitre.org/data/definitions/141.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307
Related Threats
Category: Authorization Category: Command Execution
Related Attacks
Related Vulnerabilities
Category: Input Validation Vulnerability
